This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNTPService.exe (sophos network threat protection service) with high memory usage

Hello Community,

I have a computer that sophos network threat protection service is always growing up in memory until it crash the main application that was running on it.

the process is called: SNTPSERVICE.EXE

I uninstalled Sophos, restarted and reinstalled it but still the same. It is now consuming 4gbits of RAM memory.

Sophos Endpoint Security and Control version 10.7

Windows 7 64Bits

 

In my Sophos Console, I can see an Error dated from 01/29/2018 that says :

The on-access driver was unable to create an impresonation token for file \Device\HarddiskVolume2\Users\****\AppData\Local\Temp\OLKEDFD.tmp. [0xe3d000f]

 

Any ideas?

 



This thread was automatically locked due to age.
  • Hello GCCA,

    off the top of my head this is something Support should look into. How fast it is growing? Anything unusual about or in the NTP log? Oh and BTW, n cases like this one the minor SAV version is equally important - not just 10.7 but 10.7.2 or 10.7.6, and ideally all available sophostications [sorry, couldn't resist] of the version number.
    The SAV error is "just" a consequence of the apparent memory depletion.

    Christian

  • Hello QC,

    The SAV version is 10.7.6 VE3.70.2

    It takes approximatly 1 hour to grow up to 3.5Gbits then it stay at 3.5GB.

    Sophos NTP log 

    Full of :

    a 2018-01-30 09:11:45.352 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002
    a 2018-01-30 09:11:45.356 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002
    a 2018-01-30 09:11:45.359 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002
    a 2018-01-30 09:11:45.361 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002
    a 2018-01-30 09:11:45.364 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002
    a 2018-01-30 09:11:45.366 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002
    a 2018-01-30 09:11:45.369 [2140:2204] - Process: '\device\harddiskvolume2\windows\system32\spoolsv.exe' accessed: 10.228.117.41:65002

    Thanks for your help QC :-)
  • It is a printer that was flooding our computer.

    Thanks for help